<?
include '../connect.php';
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add News</title>
<style type="text/css">
<!--
body {
	background-color: #000000;
	background-image: url(../../images/alliance-tile.jpg); background-repeat:repeat-x;
}
body,td,th {
	color: #CC9900;
	font-family: Arial, Helvetica, sans-serif;
	font-size: 13px;
}
a:link {
    color:#CC9900; 
	
	
}
a:visited {
    color:#CC9900;
	
}
a:hover {
    color:#ffffff;
}
a:active {
    color:#FF0000;

	
}
input { background:transparent; background-image:url(../../images/transp.png); color:#FFFFFF; border: 1px solid #333333}
select { background-color:#000000; color:#FFFFFF; border: 1px solid #333333}
textarea { background-color:#000000; color:#FFFFFF; border: 1px solid #333333}

-->
</style></head>

<body>

<center>
<?PHP
$user=$_SESSION['user'];
$getuser="SELECT * from b_users a, b_templates b where b.templateid=a.templateclass and a.username='$user'";
$getuser2=mysql_query($getuser) or die("Could not get user info");
$getuser3=mysql_fetch_array($getuser2);
$templateclass="default";

$s=$_SERVER["REMOTE_ADDR"];
$checkip="SELECT * from b_banip where ip='$s'";
$checkip2=mysql_query($checkip) or die("Could not get IPs");
$checkip3=mysql_fetch_array($checkip2);
if($checkip3)
{
   die("<table class='maintable'><tr class='headline'><td><center><strong>Add News Failed</strong></center></td></tr><tr class='forumrow'><td><center>Your IP was banned from posting! Go away!</center></td></tr></table>");
}

if (isset($_SESSION['user'])||$guestposting=="Yes"||$guestposting=="yes")
{
 $user=$_SESSION['user'];
 $getid="SELECT * from b_users where username='$user'";
 $getid2=mysql_query($getid) or die("could not get user");
 $getid3=mysql_fetch_array($getid2);

 $getforuminfo="SELECT * from b_forums where ID='$forumID'";
  $getforuminfo2=mysql_query($getforuminfo) or die("Could not get forum info");
  $getforuminfo3=mysql_fetch_array($getforuminfo2);
  if(!$_SESSION['user'])
   {
         $getid3[status]=-1;
   }

 if($getid3[banned]=="Yes")
 {
  die("<table class='maintable'><tr class='headline'><td><center><strong>New News Failed</strong></center></td></tr><tr class='forumrow'><td><center>You have been banned from posting</center></td></tr></table>");
 } 
 
 if(isset($_POST['reply']))
 {
      if(!$_POST['name'] || !$_POST['post'])
      {
        print "<table>";
        print "<tr class='headline'><td><center><strong>Adding News Failed</strong></center></td></tr>";
        print "<tr class='forumrow'><td><center>";
        print "One of the required fields was not filled in, please go back and try again.";
        print "</td></tr></table>";
      }
      else
      {
       $name=$getid3[username];      
       $post=$_POST['post'];
       $title=$_POST['title']; 
	   $iconid=$_POST['iconid']; 
       $datepost=date("M-j-Y");
       $timepost=date("YnjHis") ;
       if(!$_SESSION['user'])
       {
         $user="Guest";
       }
       $threadparent=$_POST['threadparent'];
       $name=htmlspecialchars($name);
       $title=htmlspecialchars($title);
       //$post=strip_tags($post,'<p><a><b><i><img><u><div><center><object><param><font>[url][img][URL][IMG][FONT][font]<sub><sup><span><li><size>[list][o][size][s][mail]');

       $posting="INSERT INTO b_news (title, content, iconid, timepost, datepost, author) values ('$title', '$post', '$iconid', '$timepost', '$datepost', '$name')";
       mysql_query($posting) or die("could not post");
       print "<br><br><br><br><table>";
       print "<tr><td><center><strong>Add News Successfull</strong></center></td></tr>";
       print "<tr class='forumrow'><td><center>";
       print "Thanks for posting. Redirecting to Admin CP. <META HTTP-EQUIV = 'Refresh' Content = '1; URL =index.php'>";
       print "</td></tr></table>";
      }
 }

else
 {
    print "<br><br><br><br><table style='border: 1px solid #000000; background-image: url(../../images/transp.png)'>";
    print "<tr><td style='background-image: url(../../images/transpblack.png)'><center><strong>Add News</strong></center></td></tr>";
    print "<tr><td><center>";
    print "<table border='0'>";
    print "<tr><td>";
    print "<form action='addnews.php' method='post' name='form'>";
    if(!$_SESSION['user'])
    {
      $getguest="SELECT * FROM b_users WHERE username='Guest'";
      $getguest2=mysql_query($getguest) or die(mysql_error());
      $getguest3=mysql_fetch_array($getguest2);
      print "<input type='hidden' name='name' value='$getguest3[userID]'>";
      print "<b>Name:</b> Guest<br><br>";
    }
    else
    {    
      print "<input type='hidden' name='name' value=$getid3[userID]>";
      print "<b>Name:</b> $user<br><br>";
    }  
	print "<strong>Title: </strong><br><input type='text' name='title'><br><br>";
    print "<input type='hidden' name='news' value=$news>";
	
	print "<strong>Icon ID:</strong><br>";
    print "<input type='text' name='iconid' value='5'><br><br>";
	
	?>
	  <table width="200px" border="0" cellspacing="0" cellpadding="5" style=" color:#FFFFFF">
  <tr align="center">
    <td><img src="../../news/id1.gif"><br>
    1</td>
    <td><img src="../../news/id2.gif" width="30" height="23"><br>
    2</td>
    <td><img src="../../news/id3.gif" width="30" height="23"><br>
      3</td>
  </tr>
  <tr align="center">
    <td><img src="../../news/id4.gif" width="30" height="23"><br>
    4</td>
    <td><img src="../../news/id5.gif" width="30" height="23"><br>
    5</td>
    <td><img src="../../news/id6.gif" width="30" height="23"><br>
      6</td>
  </tr>
  <tr align="center">
    <td><img src="../../news/id7.gif" width="30" height="23"><br>
    7</td>
    <td><img src="../../news/id8.gif" width="30" height="23"><br>
    8</td>
    <td><img src="../../news/id9.gif" width="30" height="23"><br>
      9</td>
  </tr>
</table>
<?

    print "<b>Message:</b><br>";
   
    print "<textarea rows='12' name='post' cols='45' id='7'></textarea><br><br>";

    //print "<input type='checkbox' name='nosmiley'>&nbsp;Disable Smilies and BBCode<br><br>";
    print "<input type='submit' name='reply' value='Add News'>";
    print "</form>";

   
    print "</td></tr></table></td></tr></table>";
   
 }
}
else
{
  print "<br><br><br><br><table  style='border: 1px solid #000000; background-image: url(../../images/transp.png)'>";
  print "<tr><td  style='background-image: url(../../images/transpblack.png)'><center><strong>Posting News Failed</strong></center></td></tr>";
  print "<tr class='forumrow'><td><center>";
  print "Not logged in as Admin, please <A href='../../forum/login.php'>go here</a> to log in";
  print "</td></tr></table>";
}
 
?>

</td></tr></table>

</center></body></html>